-
Notifications
You must be signed in to change notification settings - Fork 0
Provider authentik
Kolin edited this page Jun 13, 2026
·
1 revision
- authentik running and accessible
- An OAuth2/OIDC Provider and Application configured in authentik
- Go to Admin Interface → Applications → Providers → Create.
- Select OAuth2/OpenID Provider.
- Configure:
- Name: Jellyfin
- Authorization flow: your preferred flow
- Client type: Confidential
-
Redirect URIs:
https://<your-jellyfin-domain>/sso/OID/redirect/authentik -
Scopes:
openid,profile,email,offline_access
- Note the Client ID and Client Secret.
- Go to Admin Interface → Applications → Applications → Create.
- Set the provider to the one created above.
- Set the slug (e.g.,
jellyfin).
- Edit the provider and go to Advanced Protocol Settings.
- Add a Property mapping that exposes groups as a claim named
groups.
authentik ships with a default groups mapping. If it is not already selected, add it to the provider's Property Mappings.
| Field | Value |
|---|---|
| Provider Name | authentik |
| OpenID Endpoint | https://<authentik-domain>/application/o/<app-slug>/ |
| Client ID | from authentik provider |
| Client Secret | from authentik provider |
| Role Claim | groups |
| Request Additional Scopes | (none required if groups mapping is active) |
Set Roles to the authentik group names allowed to log in:
jellyfin-users
Set Admin Roles to groups that receive admin access:
jellyfin-admins
https://<your-jellyfin-domain>/sso/OID/redirect/authentik
Getting Started
Configuration
Providers
Reference
Development